24 matches found
EUVD-2006-6338
Malware in sbrugna...
EUVD-2004-2190
Malware in sbrugna...
EUVD-2005-2051
Malware in sbrugna...
DUforum 3.x messages.asp FOR_ID Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's...
DUClassmate 1.x ICity Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24637/info DUClassmate is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
DUware DUclassmate 1.x default.asp iState Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14036/info DUclassmate is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker...
DUware DUclassmate 1.x edit.asp iPro Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14036/info DUclassmate is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker...
CVE-2006-6355
SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049...
CVE-2006-6355
CVE-2006-6355 describes an SQL injection in DUware DUclassmate (default.asp via the iCity parameter; iState is covered by CVE-2005-2049). The issue arises from inadequate input sanitization, allowing remote attackers to execute arbitrary SQL commands. Connected sources corroborate the vulnerabili...
CVE-2006-6355
SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049...
aria-duclass.txt
Aria-Security Team Advisory Original Advisory: http://www.aria-security.com/forum/showthread.php?t=59 ----------------------------------------------------------- Software: DuClassmate Method: SQL Injection Vendor: http://www.duware.com/ PoC: http://target/default.asp?iState=SQL Injection...
[Aria-Security Team] DuWare DuClassMate SQL Injection Vuln
Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory: http://www.aria-security.com/forum/showthread.php?t=59 ----------------------------------------------------------- Software: DuClassmate Method: SQL Injection Vendor:...
DUClassmate 1.x - ICity SQL Injection
DUClassmate 1.x - ICity SQL Injection source: https://www.securityfocus.com/bid/24637/info DUClassmate is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
CVE-2004-2198
The CVE-2004-2198 entry relates to DUware DUclassmate 1.0–1.1, where an attacker can remotely change arbitrary user passwords by tampering with the MM_recordId parameter on the My Account page. The connected data also note related issues in DUware products (e.g., DUclassmate, DUclassified, DUforu...
CVE-2004-2198
account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page...
DUclassmate Multiple Scripts SQL Injection
The remote host is running DUclassmate, a web-based classmates listing and friends search application from DUware and written in ASP. The installed version of DUclassmate fails to properly sanitize user-supplied input in several instances before using it in SQL queries. By exploiting these flaws...
Echo Security Advisory 2005.19
--------------------------------------------------------------------------- ECHOADV19$2005 Multiple SQL INJECTION in DUWARE Products --------------------------------------------------------------------------- Author: Dedi Dwianto Date: June, 22th 2005 Location: Indonesia, Jakarta Web:...
CVE-2005-2049
Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp...
CVE-2005-2049
Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp...
CVE-2005-2049
CVE-2005-2049 affects DuWare Duclassmate 1.2. The vulnerability is a SQL injection in the ASP web app where unsanitized input from (1) iState to default.asp and (2) iPro to edit.asp is used in SQL queries. This allows remote attackers to execute arbitrary SQL commands and potentially access/modif...